dirkjanm / pkinittools Goto Github PK
View Code? Open in Web Editor NEWTools for Kerberos PKINIT and relaying to AD CS
License: MIT License
Tools for Kerberos PKINIT and relaying to AD CS
License: MIT License
The pfx I obtained using adcs esc8
proxychains4 python3 getnthash.py -key 2797e04fc0a00ce9277ff8ebcf276fe0f660158bc970d560c988a2007180a216 redteam/DC$ -dc-ip 192.168.1.1 -debug
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
Impacket v0.12.0.dev1+20240130.154745.97007e84 - Copyright 2023 Fortra
[+] Impacket Library Installation Path: /usr/local/lib/python3.11/dist-packages/impacket-0.12.0.dev1+20240130.154745.97007e84-py3.11.egg/impacket
[+] Using Kerberos Cache: dc.ccache
[+] SPN KRBTGT/[email protected] not found in cache
[+] AnySPN is True, looking for another suitable SPN
[+] No valid credentials found in cache.
Traceback (most recent call last):
File "/home/kali/Desktop/PKINITtools/getnthash.py", line 273, in <module>
dumper.dump()
File "/home/kali/Desktop/PKINITtools/getnthash.py", line 121, in dump
decodedTGT = decoder.decode(tgt, asn1Spec = AS_REP())[0]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/pyasn1/codec/ber/decoder.py", line 1337, in __call__
raise error.SubstrateUnderrunError(
pyasn1.error.SubstrateUnderrunError: Short octet stream on tag decoding
[-] Short octet stream on tag decoding
Hi,
Thank you for your effort developing this tool. I am trying to use the tool to request a TGT but it currently fails. See below for the command I used and the related error.
──(shadow)─(root💀kali)-[/home/kali/pentest/PKINITtools-master]
└─# python3 gettgtpkinit.py adlab.local/user_t_1_admins user_t_1_admins.ccache -cert-pfx /home/kali/pentest/pywhisker-main/hHKEiIIf.pfx -pfx-pass OhEKkA1wkW7FC1xUX337
2021-09-13 19:40:13,894 minikerberos INFO Loading certificate and key from file
2021-09-13 19:40:13,919 minikerberos INFO Requesting TGT
Traceback (most recent call last):
File "/home/kali/pentest/PKINITtools-master/gettgtpkinit.py", line 349, in
main()
File "/home/kali/pentest/PKINITtools-master/gettgtpkinit.py", line 345, in main
amain(args)
File "/home/kali/pentest/PKINITtools-master/gettgtpkinit.py", line 315, in amain
res = sock.sendrecv(req)
File "/home/kali/pentest/PKINITtools-master/shadow/lib/python3.9/site-packages/minikerberos/network/clientsocket.py", line 87, in sendrecv
raise KerberosError(krb_message)
File "/home/kali/pentest/PKINITtools-master/shadow/lib/python3.9/site-packages/minikerberos/protocol/errors.py", line 20, in init
super(Exception, self).init('%s Error Code: %d Reason: %s ' % (extra_msg, self.errorcode.value, self.errormsg.value))
AttributeError: 'str' object has no attribute 'value'
I'm getting an error similar to #6
/PKINITtools/gets4uticket.py", line 17, in <module>
from minikerberos.common.url import KerberosClientURL, kerberos_url_help_epilog
ModuleNotFoundError: No module named 'minikerberos.common.url'
I've run pip3 install impacket minikerberos
per the docs and pip3 list
shows
minikerberos 0.4.0
The command I'm attempting to execute is
┌──(venv)─(user@tehbox)-[~/PKINITtools]
└─$ KRB5CCNAME=out.ccache python3 gets4uticket.py kerberos+ccache://tehdomain.com\\tehdc\$:[email protected] cifs/[email protected] [email protected] targetuser.ccache -v
any ideas on solving this one?
I've tried uninstalling a few times, making sure its not using pip3 cache, and Ive also tried installing minikerbeos from the repo
Python version: Python 3.9
OS: Kali Linux 2021.XX
PKINIT Status: Worked with Rubeus
I encountered the error from minikerberos.pkinit import PKINIT
missing. I had installed oscrypto
and minikerberos
and also did python -m pip install -r requirements.txt
to no avail. I tried sudo and no sudo adaptions also to no avail. In the end, I found that uninstalling minikerberos and installing from their GitHub repository succeeded.
Adding this issue to note the workaround for future reference and closing due to likely pip being out-of-date.
Hello, get this error when trying to get tgt with gettgtpkinit.py (it's ok with rubeus):
python3 gettgtpkinit.py EVIL/DC1-WS2019$ -pfx-base64 @base64Value -dc-ip 192.168.114.2 DC-WS2019.ccache
2021-11-28 04:54:42,236 minikerberos INFO Loading certificate and key from file
2021-11-28 04:54:42,314 minikerberos INFO Requesting TGT
Traceback (most recent call last):
File "/home/kali/Take and learn/PKINITtools-master/gettgtpkinit.py", line 349, in
main()
File "/home/kali/Take and learn/PKINITtools-master/gettgtpkinit.py", line 345, in main
amain(args)
File "/home/kali/Take and learn/PKINITtools-master/gettgtpkinit.py", line 315, in amain
res = sock.sendrecv(req)
File "/home/kali/Take and learn/MSEFSR ADCS/impacket/impacket/lib/python3.9/site-packages/minikerberos/network/clientsocket.py", line 87, in sendrecv
raise KerberosError(krb_message)
minikerberos.protocol.errors.KerberosError: Error Code: 62 Reason: The client trust failed or is not implemented
when I gettgt from a certificate ,I get error show below:
python3 gettgtpkinit.py -cert-pfx ../temp/PetitPotam/host1.pfx -dc-ip 10.0.0.0.1 domain/test$ test.ccache -v 1 ⨯
2021-07-30 04:59:22,388 minikerberos INFO Loading certificate and key from file
2021-07-30 04:59:22,507 minikerberos INFO Requesting TGT
Traceback (most recent call last):
File "/home/kali/PKINITtools/gettgtpkinit.py", line 349, in
main()
File "/home/kali/PKINITtools/gettgtpkinit.py", line 345, in main
amain(args)
File "/home/kali/PKINITtools/gettgtpkinit.py", line 315, in amain
res = sock.sendrecv(req)
File "/usr/local/lib/python3.9/dist-packages/minikerberos-0.2.14-py3.9.egg/minikerberos/network/clientsocket.py", line 87, in sendrecv
minikerberos.protocol.errors.KerberosError: Error Code: 16 Reason: KDC has no support for PADATA type (pre-authentication data)
i need help
proxychains4 python3 gettgtpkinit.py test.com/'DC1$' -pfx-base64 `cat DC01.pfx.b64` -pfx-pass "admin" -dc-ip 172.16.12.8 DC01.ccache
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
2024-01-04 11:23:56,834 minikerberos INFO Loading certificate and key from file
INFO:minikerberos:Loading certificate and key from file
2024-01-04 11:23:56,853 minikerberos INFO Requesting TGT
INFO:minikerberos:Requesting TGT
Traceback (most recent call last):
File "/home/kali/PKINITtools-master/gettgtpkinit.py", line 349, in <module>
main()
File "/home/kali/PKINITtools-master/gettgtpkinit.py", line 345, in main
amain(args)
File "/home/kali/PKINITtools-master/gettgtpkinit.py", line 315, in amain
res = sock.sendrecv(req)
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/minikerberos/network/clientsocket.py", line 85, in sendrecv
raise KerberosError(krb_message)
minikerberos.protocol.errors.KerberosError: Error Name: KDC_ERR_CLIENT_NAME_MISMATCH Detail: "Error message not found! Err code: 75"
Hi,
Thank you for this tool.
Upon testing this today on the latest version of Kali I get the below error. I have installed PKINITools as per your instructions here. I believe that wbond/oscrypto#78 is the issue. I also reported the same issue for LdapRelayScan but the fix I found there does not work here. Perhaps because oscrypto is installed during installation of minikerberos and therefore cannot be commented out and replaced.
This is becoming an epidemic. Vital tools are no longer working.
Update 1: Found a temporary fix for this issue. After installing as per the official instructions, execute pip3 install -I git+https://github.com/wbond/oscrypto.git
which will install the current master of oscrypto in which this issue is fixed.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.